To be able to build a so-called ecosystem around services offered on the World Wide Web (www) every participant in the ecosystem needs to be authenticated before accessing resources controlled by the service provider. This requires a single sign-on system.
There are numerous challenges to single sign-on scenarios. One of the hardest is the challenge of preventing fake input forms at malicious websites for usernames and passwords. A fake site with a fake login form can acquire the username and password of any user. A normal user or client would typically not hesitate to input his credentials if the input form looked visibly like the input form he or she uses at other sites.